← Back to Skills Marketplace
433
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install feishu-img-send
Description
飞书图片发送 - 使用API直接发送图片到飞书 / Send images to Feishu via API
README (SKILL.md)
飞书图片发送 / Feishu Image Sender
通过飞书开放平台API发送图片。
使用方法 / Usage
命令行
# 发送图片
./scripts/send.sh \x3C图片路径> \x3C用户ID>
# 示例
./scripts/send.sh /tmp/test.png ou_xxxxxxxx
Python
from feishu_image import FeishuImageSender
sender = FeishuImageSender()
sender.send_image("/tmp/test.png", "ou_xxxxxxxx")
配置 / Configuration
脚本已内置APP_ID和APP_SECRET,无需额外配置。
原理 / How It Works
- 获取 tenant_access_token
- 上传图片到飞书获取 image_key
- 使用 image_key 发送图片消息
API调用
POST /open-apis/auth/v3/tenant_access_token/internal
POST /open-apis/im/v1/images
POST /open-apis/im/v1/messages
权限要求
- im:resource
- im:message
更新日志
- v1.0.0: 初始版本
Usage Guidance
This skill will upload whatever image file you pass to it to Feishu using the APP_ID/APP_SECRET embedded in the bundle. Before installing or running it: 1) Understand that your images will be uploaded to the publisher's Feishu app/tenant (possible privacy leakage). 2) Prefer a version that asks you to provide your own APP_ID/APP_SECRET (via environment vars or config) so uploads occur under your credentials. 3) If you must use this package, avoid sending sensitive images. 4) Consider asking the publisher who controls the Feishu app and whether the embedded credentials are intended for public use; if not, do not use it. 5) If you are the owner of the embedded credentials, rotate them immediately and replace the hardcoded secrets with configurable env vars. 6) Verify the Feishu app's permissions (im:resource, im:message) and audit recipients to prevent misuse.
Capability Analysis
Type: OpenClaw Skill
Name: feishu-img-send
Version: 1.0.0
The skill bundle contains hardcoded sensitive credentials (APP_ID and APP_SECRET) within scripts/send.sh and scripts/feishu_image.py. While the code performs its stated function of sending images to the Feishu API, hardcoding secrets is a major security vulnerability that could lead to unauthorized access or credential leakage, though no clear evidence of intentional malice or data exfiltration was found.
Capability Assessment
Purpose & Capability
Name/description match the implementation: both the Python and shell scripts call Feishu APIs to obtain a tenant token, upload an image, and send a message. However, the implementation relies on embedded app credentials rather than using credentials provided by the user, which is a design choice that should be explicit to users.
Instruction Scope
Runtime instructions and scripts only read the provided image path and target user ID and call Feishu endpoints. They do not attempt to read unrelated files, environment variables, or other system state. No evidence of exfiltration to endpoints outside Feishu.
Install Mechanism
No install spec — instruction-only with small helper scripts. Nothing is downloaded or written to disk by an installer. This is low install risk.
Credentials
The code embeds an APP_ID and APP_SECRET directly in both the Python and shell scripts rather than declaring required credentials or asking the user to supply their own. This is disproportionate from a privacy/credential perspective: user images will be uploaded under the publisher's Feishu app/tenant and the included secret is exposed in the skill bundle.
Persistence & Privilege
The skill does not request persistent presence (always=false) and does not modify other skills or system-wide settings. It runs only when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install feishu-img-send - After installation, invoke the skill by name or use
/feishu-img-send - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of feishu-image-sender (v1.0.0)
- Send images to Feishu users via API from shell or Python
- No extra configuration needed (includes app credentials)
- Supports image uploading and direct message sending via Feishu open platform
Metadata
Frequently Asked Questions
What is Feishu Img Send?
飞书图片发送 - 使用API直接发送图片到飞书 / Send images to Feishu via API. It is an AI Agent Skill for Claude Code / OpenClaw, with 433 downloads so far.
How do I install Feishu Img Send?
Run "/install feishu-img-send" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Feishu Img Send free?
Yes, Feishu Img Send is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Feishu Img Send support?
Feishu Img Send is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Feishu Img Send?
It is built and maintained by BOMBFUOCK (@bombfuock); the current version is v1.0.0.
More Skills